Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Secure Public Data Repository?

Posted by michael on from the inviting-target dept.

jducoeur writes "So Hailstorm has died an unlamented death. But the demand for the idea of an information repository isn't going to go away -- users demand convenience, and this would be convenient. So here's a timely question looking for wild speculation: how would a truly secure, public data repository work? How would your data be stored? Would it be centralized or distributed? How would you grant access to specific elements within it? What would the business case for running such an archive be? Maybe if we can come up with a good design now, we can head off the next inevitable bad one..."

5 of 175 comments (clear)

  1. Let me ask one question... by kjz · · Score: 4, Insightful

    Why does the repository need to be public? In an era of very powerful client machines, why must we have a centralized database to make this work? Systems like Napster and Gnutella have already demonstrated the ability of end-user machines to distribute data effectively (though not always efficiently.)

    I belive the safest route would be to avoid the publicly accessible, centralized data store and focus on what has worked so well for the Internet in the past: standard communications protocols. By leaving the data on individual systems, we minimize the risk of exposing vast quantities of personal information as an attacker would need to go after millions of machines in turn. It's possible, but it wouldn't be easy.

    1. Re:Let me ask one question... by crimoid · · Score: 4, Insightful

      Once mobile phones, computer, watches, toasters and everything else under the sun becomes net enabled the "powerful client" gets thrown out the window. The need then becomes one of availability. Needing to keep many of these gadgets "in sync" with one another (and your personal information) becomes hard. The easiest solution is one form of central repository, hence the "need".

      Now one might argue that in the future (present?) broadband will be able to allow everyone to "serve" their own information from their home PC (aka.. home server) but the infrastructure to do this in some sort of secure, standardized, highly-available way is more than "wouldn't be easy".

      For 99% of the population I'd imagine that their personal info would be safer in the hands of trusted professionals rather than residing on grandma's 486. The question will eventually come down to which professional do you trust the most.

  2. Public Repositories by Moonshadow · · Score: 4, Insightful
    Well, there's some newfangled thing like that today. It's called the "Internet" or something like that. Supposedly, anyone can put anything they want on there! Imagine that!

    Seriously, though, the Net is a public data repository. Each node is as secure as its sysadmins, and information can be public or private. It's publically accessable, and you can protect whatever you want to protect from the public.

    Best of all, it's a network, not a centralized, attackable, censorable entity.

    Wheel, re-invent, why?

  3. Why don't you ask the users? by Wonko42 · · Score: 5, Insightful
    Who demands convenience? I don't demand convenience. I *prefer* not having all my eggs in one basket. I like being able to choose which companies get to know which details about me. If I have a hard time keeping track of all my different passwords or user accounts, I'll write my passwords down and store them in a text file that's PGP-encrypted with a 4096-bit key and a passphrase that I know I'll never forget.

    I don't want to have to trust some company to store all my information for me. I also don't want to trust some open source project with that information. In fact, I *especially* don't want to trust an open source project with it. The only person I trust with my personal information is me.

  4. I dont like this news post by Edmund+Blackadder · · Score: 4, Insightful

    I hate it when questionable statements are presented as undisputed facts:

    "But the demand for the idea of an information repository isn't going to go away -- users demand convenience, and this would be convenient."

    I cant see anybody other than advertising agencies or aspiring dictators demanding a central information repository.

    And yet the news story suggests that consumers are demanding it. I really really doubt that. Any customer convinience can be achieved if the customer data is stored at his/her computer and is completely under his/her control.

    This may be an interesting issue but is worded in a way that loads the question. Slashdot editors should be more careful.